To complement what JT said, here’s the bit of documentation that covers this: “Pass rules are Suricata rules that if matching, pass the packet and in case of TCP the rest of the flow.” (9.7. Ignoring Traffic — Suricata 7.0.0-rc2-dev documentation)
I guess one key point here is that pass rules should not be used lightly, but only with trusted sources and/or for performance reasons - say, for instance, to pass tls traffic once traffic is established (although that could be done via suricata yaml, actually - 9.7. Ignoring Traffic — Suricata 7.0.0-rc2-dev documentation).
I think it is also worth noticing that pass and bypass are different, for Suricata. With pass you’d still see app-layer events logged for the flow. The rules won’t be evaluated for it, but you would still see http events. Suricata has a bypass keyword, but it’s a bit different than a rule action - 6.12. Bypass Keyword — Suricata 7.0.0-rc2-dev documentation